Seems like at the end of the day, any biometric data-driven password is going to be ones and zeroes at some point over the wire and thus crackable. Maybe not, but that's what makes me uneasy about these devices.

Someone in the comments here made an observation recently that if someone cracks your text-based password, you can always change it. If someone can imitate your fingerprint/retina/etc., that's going to be a lot more difficult to change.

That's ok. If someone manages to imitate your heartbeat you just need to get an artificial heart transplant so that you match everyone else that's gotten one...

At first blush this is better than fingerprint readers and the risk of having your fingers stolen. But I only have one heart and vascular system: I cannot risk someone needing to hack in badly enough that they steal those.

The point about losing the bracelet seems unfair. What if you forget your password? What if you lose your key? No security system can rely on a single unlock method, there always have to be multiple methods. The secondary ones can be less convenient to use though.

I'm not sold on the idea of using only "something you have" with no "something you know" component to electronically protect anything not totally trivial. The combination of "have" and "know" is quite strong. Additionally, good "have" components are variable over time -- i.e. login tokens that generate a number sequence -- and can be replaced if they are compromised. Biometrics are neither. Try getting a new heartbeat when a fraudster swipes yours.

What aspects of the ECG are unique to an individual and what is the data behind the use of ECG metrics as a personal identifier? I would expect some aspects of the ECG to change depending on whether you are running or walking, what medication you are taking, if you had a heart attack, etc... Other aspects might fall in a narrow range such that not an insignificant number of people might share those attributes.

That's a pretty ugly wristband, too. A risk should be having to fish it out of your pocket and snap it on to pay for stuff because you don't want to always keep it on your wrist since it clashes with your cufflinks.

So, my main concern is less technical and more medical. Some of us have slight irregularities in our heartbeat that manifest at random intervals. Couple that with hypertension, and suddenly I can't unlock anything.

Now, the hypertension can be dealt with by ignoring magnitude of the "blip" and only focusing on the bit stream.

But the non-periodic arrhythmia? That seems much harder...

Also, what about time frame? Does this have to be on your wrist for a certain amount of time prior to being usable? Just once, or every time you use it?

Please, everyone that reads this, never ever ever ever hint, imply, suggest, or otherwise encourage the use of biometrics (fingerprints, iris scan, or apparently EKG?) as an authentication factor. If you think it's hard to change your password everywhere when there's a breach, just imagine how much harder it would be to get your finger changed too.

The angle Dan didn't seem to address was what happens when the company is hacked and their database is exploited? Can't really send out a mass email telling everyone to change their heart profile, can they?

I have a medical condition called Persistent Atrial Fibrillation. My heart rate is all over the map. It does not stay the same for even 10 seconds at a time no matter what my activity level is. - How will this gadget handle that?

Sounds like you have the extreme end of my problem. Mine is non-periodic, at a much slower rate, but still, same problem from the POV of this tech, I would think.

Well, yours would never work. Mine would just arbitrarily not work every so often.

The ECG signal is highly variable, getting a diagnostic-quality result requires precise placement of the electrodes directly over the heart in a controlled environment (not touching metal objects, not close to strong sources of EMF) and even then it will change from day to day. And yet these people claim they can get a 'signature' from one electrode on a wrist? There are a host of factors that alter the cable properties of the body and change the shape of the QRS waveform that will be detected at the end of your arm. I just don't see how they can control for those while still producing something secure.

As a former EMT who has seen plenty of ECGs, I wouldn't trust this thing until they get a dozen cardiologists to approve. Even a normal healthy individual can have temporary irregularities. False negatives would worry me just as much as attempts to bypass.

Why don't we just use voiceprints for security? A user could be required to read an arbitrary word or phrase to unlock their smartphone, or to authorize something, or whatever. An arbitrary word/phrase eliminates any possibility of recording someone saying their password and replaying it to unlock a device.

Surely that's within the capabilities of modern smartphones...

If it works how I think you're suggesting it works, it would involve a deep understanding of your personal voice in order to work with it, which would be difficult to analyze on the fly or without tonnes of data to work with. So anyone wanting such password protection would have to read a book out loud for a while in order to get some kind of system to match with. Otherwise when it prompts you to say "Dog", how does it know it's not you saying dog unless you've said it to it before? (I also really don't want to be saying "Purple monkey dishwasher" every time I need to unlock my phone in the office either)

Anyway, the idea in the article seems like it would break down after the first time I try to unlock my car after going for a run.

It requires at least 3 electrodes in specific positions on the chest to obtain a traditional-looking ECG. Even if this device measured 2 points on the wrist to get a single ECG lead, I wouldn't imagine there's much potential difference generated by the heart between those points, and the signal would be more noise than anything else.

Second, I hope you can hold your breath and keep perfectly still for however long this thing records for - or else your 'unique signature' will look suspiciously close to that of someone on the verge of death.

While most people's ECG will end up looking different from others eventually, that uniqueness is really a build up of whatever cardiac insults they've accumulated. I assume that this will be marketed to healthy young people, whose pattern will look decidedly generic.

I also worry about the fifth amendment implications. Giving up a password is at least arguably testimony against yourself (SCOTUS hasn't set precedent), but fingerprints, blood, retinas and presumably heartbeats are fair game.

This seems pointless. If you have to carry around a special device as your password, it does not need to monitor your heart to contain a random ID. It could simply generate a few thousand random bits and use that instead. Even better, it could generate a unique ID for each service and store those within an internal database, making it so that man-in-the-middle-esque attacks can only compromise one service at a time. Best of all, you can regenerate stolen passwords. You would probably be able to do all that using less battery power than an ECG reader, it would log you in quicker, and I would imagine be even cheaper to build. - This is the sort of software that I imagine will reign supreme in the wearable computing world.

The only upside I see is that, at least in theory, the biometric side of it means that the bracelet won't work if lost or stolen. Still, that seems like a fairly small benefit for most people.

I don't see a problem with biometrics as an authentication factor as long as they are only used locally. So the band would verify the biometric and then use some other challenge-response mechanism to authenticate with everything else. Use the biometric to lock away a private key locally, but don't use the biometric data as the private key.

However I would worry about just how reliable this kind of ECG reading would be.

Deet's fantasy bracelet is probably just as handy. You could have it prompt for a PIN once a day or after it's been removed; the Nymi claims to have a sensor to detect removal. Mind you, then you could remove someone's arm as a way to get it without triggering the lock. Security is tricky business.

Problem is the current state of the Bluetooth 4 chips and software. A lot of the stacks are absolute shite (especially TI's cc254x - it's an 8051 + Bluetooth radio).

Bluetooth 4 itself has a very heavyweight protocol over a low-bandwidth connection. Fine if you have small amounts of data like heart rate, but not good if you have lots of data like EEG/ECG of a decent resolution - better sticking with Bluetooth 2, but you will take a hit on battery life.

This seems pointless. If you have to carry around a special device as your password, it does not need to monitor your heart to contain a random ID. It could simply generate a few thousand random bits and use that instead. Even better, it could generate a unique ID for each service and store those within an internal database, making it so that man in the middlesque attacks can only compromise one service at a time. Best of all, you can regenerate stolen passwords.

You just described the device in the article. Your biometrics are how you authenticate to the bracelet, not how it authenticates to the remote service.

The two steps deserve different criticisms, due to independent weaknesses.

There would only be additional benefit if the bracelet also performed medical functions. Generate a quasi-ECG readout that can be sent to an emergency services hotline if you pass out, help them work out whether it's a serious cardiac issue or a simple vasovagal, and determine how quickly an ambulance needs to get to you. Otherwise, it's redundant.

But as a replacement for a car or hotel key it's a great idea. Much harder to clone biometrics than a car key.

As to the guy who posts in every thread telling everyone to rebel against biometrics... That is totally irrelevant. Nobody (who knows what they're doing) is relying on biometrics alone. If you steal the biometrics for every customer that won't get you anything because this wristband appears to have an elliptic curve private key embedded inside.

They will not be storing the ECC private key on their server, so it doesn't matter if someone hacks the server. They need your wristband to impersonate you, in addition to your biometrics.

My question is how much does it cost? Does my car manufacturer, the hotel chain and every grocery store in the world need to pay them royalties? That will kill it.
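The architecture the last few comments converge on (the ECG match only unlocks a private key held on the band; each service stores just a public key and checks a fresh challenge, so a breached server yields nothing and a per-service key can be rotated), as an added Go sketch. This is not the Nymi's code: the ECG check is stubbed as a Worn flag, and the Bracelet/Service names are invented for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Bracelet keeps one private key per service on the device. The biometric
// (stubbed here as the Worn flag) only gates use of the keys; it is never a key.
type Bracelet struct {
	Worn bool
	keys map[string]*ecdsa.PrivateKey
}

func NewBracelet() *Bracelet { return &Bracelet{keys: map[string]*ecdsa.PrivateKey{}} }

// Enroll mints a fresh P-256 key for one service and returns only the public
// half, which is all the service stores; calling it again rotates the key.
func (b *Bracelet) Enroll(service string) *ecdsa.PublicKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	b.keys[service] = priv
	return &priv.PublicKey
}

// Respond signs the service's challenge, refusing while the bracelet is off.
func (b *Bracelet) Respond(service string, challenge []byte) ([]byte, error) {
	priv, ok := b.keys[service]
	if !b.Worn || !ok {
		return nil, errors.New("bracelet locked or service not enrolled")
	}
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}

// Service stores only the public key, so a breached database cannot answer a challenge.
type Service struct{ Pub *ecdsa.PublicKey }

// Challenge is a fresh random nonce per login, which is what defeats replay.
func (s *Service) Challenge() []byte { c := make([]byte, 32); rand.Read(c); return c }

func (s *Service) Verify(challenge, sig []byte) bool {
	d := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(s.Pub, d[:], sig)
}
```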

What happens when your health goes bad? You get bronchitis and can't get enough oxygen, so your heart beats faster to compensate. Or a burglar breaks into your house and your heart is racing and you can't call 911 because your phone won't unlock. Or you are diabetic and your blood sugar drops and your heart rate slows, and again you are locked out of your phone or a door. You have chest pains and can't get to your nitro because your house is locked, and can't call 911 for the same reason. What if a million different things change your heart rate? Medications are stopped or started, you are sleepy or excited. This doesn't seem feasible.

Is it secure? That's not the question, I'm skeptical it'll even be able to identify the same person two days in a row. In fact, if it's a bracelet, you don't even have the benefit of a 3, 12 or 15-lead ECG; you have one lead, if that. So you have minimal detail to start with.

Firstly, a baseline ECG looks fairly similar from person to person. A normal sinus rhythm has a P wave, a T wave and a QRS complex with discrete Q, R or S waves depending on the specific lead. Variations on that are usually bad because they indicate inefficient cardiac function. So any two healthy people will look so similar that the device probably can't reliably differentiate them.

Secondly, your ECG will change constantly. I'm a young, healthy person and as a result, every time I breathe in, the raised intrathoracic pressure compresses my vagus nerves and the heart itself. Those two effects slow the heart rate, and rhythmically increase and then decrease the volume of blood entering the heart, which will also change the ECG as the heart moves in space. From breath to breath, my ECG changes in a way that can't easily be predicted by a bracelet.

Thirdly, any new or resolved arrhythmia will confound it. I might have an implanted defibrillator that fires when I have a run of ventricular tachycardia (VT) above 120 beats per minute. That's normal for me, but it means I'm susceptible to massive changes over time. What if I'm on a beta blocker, but my dose or diet has changed in a way that changes its effect? What if I'm normally on digoxin for atrial fibrillation, but my dose or its effect has changed (which is *very* common), altering the visibility of P waves and the pattern of QRS complexes?

Fourthly, even non-cardiac physiology affects the heart. What if I've just run a marathon and my serum potassium is through the roof? Instant arrhythmia. What if I have stable angina, and my chest hurts right now? Same thing. What if I'm stressed out, having an early infarct, wearing the bracelet on the wrong wrist, anything?

I'm completely skeptical that this device can even identify that the same user has used the bracelet two days in a row.